From cfae56d2c256e83ebef735588d12cb0cc8fa97f1 Mon Sep 17 00:00:00 2001 From: Boone Gorges Date: Sun, 10 Jan 2016 03:26:26 +0000 Subject: [PATCH] Avoid invalid SQL when building ORDER BY clause using long search strings. The introduction of negative search terms in 4.4 [34934] introduced the possibility that the ORDER BY clause of a search query could be assembled in such a way as to create invalid syntax. The current changeset fixes this by ensuring that the ORDER BY clause corresponding to the search terms is excluded when it would otherwise be empty. Props salvoaranzulla. Fixes #35361. Built from https://develop.svn.wordpress.org/trunk@36251 git-svn-id: http://core.svn.wordpress.org/trunk@36218 1a063a9b-81f0-0310-95a4-ce76da25c4cd --- wp-includes/query.php | 7 +++++-- wp-includes/version.php | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/wp-includes/query.php b/wp-includes/query.php index d53ec42788..3703428d95 100644 --- a/wp-includes/query.php +++ b/wp-includes/query.php @@ -2268,7 +2268,7 @@ class WP_Query { $like = '%' . $wpdb->esc_like( $q['s'] ) . '%'; } - $search_orderby = '(CASE '; + $search_orderby = ''; // sentence match in 'post_title' if ( $like ) { @@ -2289,7 +2289,10 @@ class WP_Query { if ( $like ) { $search_orderby .= $wpdb->prepare( "WHEN $wpdb->posts.post_content LIKE %s THEN 4 ", $like ); } - $search_orderby .= 'ELSE 5 END)'; + + if ( $search_orderby ) { + $search_orderby = '(CASE ' . $search_orderby . 'ELSE 5 END)'; + } } else { // single word or sentence search $search_orderby = reset( $q['search_orderby_title'] ) . ' DESC'; diff --git a/wp-includes/version.php b/wp-includes/version.php index a780188a77..4cca1d3c2d 100644 --- a/wp-includes/version.php +++ b/wp-includes/version.php @@ -4,7 +4,7 @@ * * @global string $wp_version */ -$wp_version = '4.5-alpha-36250'; +$wp_version = '4.5-alpha-36251'; /** * Holds the WordPress DB revision, increments when changes are made to the WordPress DB schema.